
PCR Initialization looks incomplete

Open williamcroberts opened this issue 4 years ago • 2 comments

Why don't we initialize the full PCR selection to 0's and test for things like pcr selection including 24? See: https://github.com/tpm2-software/tpm2-tools/blob/master/lib/pcr.c#L49

williamcroberts, Mar 29 '21 18:03

@williamcroberts can you please elaborate?

idesai, Sep 02 '21 23:09

Right now we initialize a TPML_PCR_SELECTION to:

    pcr_select->sizeofSelect = 3;
    pcr_select->pcrSelect[0] = 0;
    pcr_select->pcrSelect[1] = 0;
    pcr_select->pcrSelect[2] = 0;

And then fill in the bits from there. So right now we only support bits 0-23 set. However, the selection can have up to 16 bytes of selection bits. Currently no TPM that I am aware of is using them; everything is set to 3 bytes and those bits. But I'm thinking if we wanted to future-proof this code, we could. "all" should continue to be sizeofSelect 3 with three bytes of 0xFF, as that's how all TPMs currently work.

For the code, I think the initialization could be simplified to a memset 0 over filling in each byte, then just set the sizeofSelect to 3.

williamcroberts, Sep 07 '21 17:09
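
The initialization and range check discussed in this thread, as an added example that is not tpm2-tools code and not part of any comment above. The `demo_` struct, functions and `DEMO_SELECT_MAX` are hypothetical stand-ins for the tss2 types, with the array capacity taken from the 16 bytes mentioned in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins, not the tss2 definitions. 16 is the capacity quoted in the thread. */
#define DEMO_SELECT_MAX 16

typedef struct {
    uint8_t sizeofSelect;                 /* bytes of pcrSelect in use */
    uint8_t pcrSelect[DEMO_SELECT_MAX];   /* PCR n lives at byte n/8, bit n%8 */
} demo_pcr_select;

/* Zero the whole structure with one memset, then record the active size. */
int demo_select_init(demo_pcr_select *s, uint8_t size) {
    if (s == NULL || size == 0 || size > DEMO_SELECT_MAX)
        return -1;
    memset(s, 0, sizeof(*s));
    s->sizeofSelect = size;
    return 0;
}

/* Select one PCR; refuse any index the active size cannot represent. */
int demo_select_set(demo_pcr_select *s, unsigned pcr) {
    if (pcr >= (unsigned)s->sizeofSelect * 8u)
        return -1;
    s->pcrSelect[pcr / 8u] |= (uint8_t)(1u << (pcr % 8u));
    return 0;
}

/* "all": 0xFF in every active byte, bytes past sizeofSelect stay zero. */
void demo_select_all(demo_pcr_select *s) {
    memset(s->pcrSelect, 0xFF, s->sizeofSelect);
}

/* Number of PCRs selected across the whole array. */
unsigned demo_select_count(const demo_pcr_select *s) {
    unsigned n = 0;
    for (size_t i = 0; i < DEMO_SELECT_MAX; i++)
        for (uint8_t b = s->pcrSelect[i]; b; b &= (uint8_t)(b - 1))
            n++;
    return n;
}

int main(void) {
    demo_pcr_select s;
    demo_select_init(&s, 3);
    printf("PCR 23: %d, PCR 24: %d\n", demo_select_set(&s, 23), demo_select_set(&s, 24));
    demo_select_all(&s);
    printf("all with sizeofSelect=3 selects %u PCRs\n", demo_select_count(&s));
    return 0;
}
```

With `sizeofSelect` at 3, a request for PCR 24 is rejected instead of silently writing into a byte the TPM would ignore; initializing with a size of 4 accepts it.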